Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

सीआरएम
e-Commerce
लेखांकन
इन्वेंटरी
PoS
प्रोजेक्ट
MRP

All apps

All Posts People Badges

टैग (View all)

odoo accounting v14 pos v15

About this forum

Help

How do I make records read only for users that do not own the record?

security

1 Reply

8830 Views

Tyler K

I have a module I'm developing that allows users to submit Change Requests. All Change Requests must be visible to all users, but only the owner of a Change Request is allowed to edit that specific Change Request.

How can I implement this using Odoo's security mechanisms?

Right now, I have defined an access rule as follows (note that the group is empty to specify default employees group)...

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
document_app_change_request_user,document_app.change_request.user,model_document_app_change_request,,1,1,1,1

Also, I have defined a record rule as follows..

<record id="document_app_change_request_user_rule" model="ir.rule"
<field name="name">Change Request: Write permission for owners only.</field>
<field name="model_id" ref="model_document_app_change_request"/>
<field name="perm_write" eval="1"/>
<field name="domain_force">[('create_uid','=',user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
</record>

luna_22

Hello, please if you found a solution, kindly share it, I have the same problem.
Thank you.

Krimi Shah

Hi Tyler,

According me, you need to make two types of users. One who is User and other one is Manager.

So as per the users, record rules will be applied. Below is the code which you can refer.

<!-- Record Rule: Property Managers -->
<record id="property_rule_manager" model="ir.rule">
	<field name="name">Property Manager</field
	<field name="model_id" ref="model_property"/>
	<field name="domain_force">[(1,'=',1)]</field>
        <field name="groups" eval="[(4,ref('hr.group_hr_manager')), (4,ref('hr.group_hr_user'))]"/>
        <field name='perm_create' eval='True'/>
        <field name='perm_read' eval='True'/>
        <field name='perm_unlink' eval='True'/>
        <field name='perm_write' eval='True'/>
</record>

<!-- Record Rule: for User -->
<record id="property_rule_user" model="ir.rule">
	<field name="name">Property User</field>
	<field name="model_id" ref="model_property"/>
	<field name="domain_force">[('partner_id','=',user.partner_id.id)]</field>
	<field name="groups" eval="[(4,ref('base.group_user'))]"/>
	<field name='perm_create' eval='False'/>
        <field name='perm_read' eval='True'/>
        <field name='perm_unlink' eval='False'/>
        <field name='perm_write' eval='False'/>
</record>

Tyler K

Author

Thanks for your response.

I'm not sure that your solution addresses my requirements. I need users to have write/delete access to the Change Requests they create; however, if someone else creates a Change Request, then the user should only have read access.

I guess what I'm trying to achieve is sort of like a post on social media. Users can edit their own posts, but they can't edit the posts of other users. This is the behavior I'm looking for.

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Related Posts	Replies	Views
Mac Id restriction for Users in Odoo enterprise Solved security	1 दिस॰ 25	234
what is the differance between access right and record rules in odoo ? Solved security	5 सित॰ 25	16016
User Session Bug. security	0 जून 25	1175
How to resolve the Access Error issue? security	0 जन॰ 25	2549
Lock/unlock feature in Transfers security	0 जन॰ 25	2544

This question has been flagged

Enjoying the discussion? Don't just read, join in!